In this article, we will install and configure the squid proxy and caching server. The term proxy is generally combined with two different terms: one is forward proxy and the other is reverse proxy.
When we say proxy, it generally refers to forward proxy. A forward proxy acts as a gateway between a client’s browser and the Internet, requesting the content on behalf of the client. This protects intranet clients by exposing the proxy as the only requester. A proxy can also be used as a filtering agent, imposing organizational policies. As all Internet requests go through the proxy server, the proxy can cache the response and return cached content when a similar request is found, thus saving bandwidth and time.
A reverse proxy is the exact opposite of a forward proxy. It protects internal servers from the outside world. A reverse proxy accepts requests from external clients and routes them to servers behind the proxy. External clients can see a single entity serving requests, but internally, it can be multiple servers working behind the proxy and sharing the load.
In this article, we will discuss how to install a squid server. Squid is a well-known application in the forward proxy world and works well as a caching proxy. It supports HTTP, HTTPS, FTP, and other popular network protocols.
As always, you will need access to a root account or an account with
Install and Configure Squid Proxy
Following are the steps to setup and configure Squid proxy:
Squid is quite an old, mature, and commonly used piece of software. It is generally shipped as a default package with various Linux distributions. The Ubuntu package repository contains the necessary pre-compiled binaries, so the installation is as easy as two commands.
First, update the
apt cache and then install squid as follows:
$ sudo apt-get update $ sudo apt-get install squid3
$ sudo nano /etc/squid3/squid.conf
Ensure that the
cache_dir directive is not commented out:
cache_dir ufs /var/spool/squid3 100 16 256
Optionally, change the
http_port directive to your desired TCP port:
Optionally, change the squid hostname:
Save changes with Ctrl + O and exit with Ctrl + X.
Restart the squid server:
$ sudo service squid3 restart
Make sure that you have allowed the selected
http_port on firewall.
Next, configure your browser using the squid server as the
How Squid Proxy works:
Squid is available as a package in the Ubuntu repository, so you can directly install it with the
apt-get install squid command. After installing squid, we need to edit the
squid.conf file for some basic settings. The
squid.conf file is quite a big file and you can find a large number of directives listed with their explanation. It is recommended to create a copy of the original configuration file as a reference before you do any modifications.
In our example, we are changing the port squid listens on. The default port is
3128. This is just a security precaution and it’s fine if you want to run squid on the default port. Secondly, we have changed the hostname for squid.
Other important directive to look at is
cache_dir. Make sure that this directive is enabled, and also set the cache size. The following example sets
/var/spool/suid3 with the size set to
cache_dir ufs /var/spool/squid3 100 16 256
To check the cache utilization, use the following command:
$ sudo du /var/spool/squid3
Squid provides lot more features than a simple proxy server. Following is a quick list of some important features:
acl developers src 192.168.2.0/24
Then, add the following line at the top of the
http_access section in the same file:
http_access allow developers
Set cache refresh rules
You can change squid’s caching behavior depending on the file types. Add the following line to cache all image files to be cached—the minimum time is an hour and the maximum is a day:
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 3600 90% 86400
This line uses a regular expression to find the file names that end with any of the listed file extensions (
Sarg – tool to analyze squid logs
Squid Analysis Report Generator is an open source tool to monitor the squid server usages. It parses the logs generated by Squid and converts them to easy-to-digest HTML-based reports. You can track various metrics such as bandwidth used per user, top sites, downloads, and so on. Sarg can be quickly installed with the following command:
$ sudo apt-get install sarg
The configuration file for Sarg is located at
/etc/squid/sarg.conf. Once installed, set the
output_dir path and run
sarg. You can also set cron jobs to execute
sarg periodically. The generated reports are stored in
output_dir and can be accessed with the help of a web server.
Squid guard is another useful plugin for squid server. It is generally used to block a list of websites so that these sites are inaccessible from the internal network. As always, it can also be installed with a single command, as follows:
$ sudo apt-get install squidguard
The configuration file is located at